How severe is CVE-2018-12076?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.2 out of 10.

What type of vulnerability is CVE-2018-12076?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2018-12076

MEDIUM Year: 2018

CVSS v3 Score

4.2

Medium

CVSS v2 Score

1.9

Low

Weakness Type

CWE-200

View all →

Vulnerability Description

A vulnerability in the UPC bar code of the Avanti Markets MarketCard could allow an unauthenticated, local attacker to access funds within the customer's MarketCard balance, and also could lead to Customer Information Disclosure. The vulnerability is due to lack of proper validation of the UPC bar code present on the MarketCard. An attacker could exploit this vulnerability by generating a copy of a customer's bar code. An exploit could allow the attacker to access all funds located within the MarketCard or allow unauthenticated disclosure of information.

CVE-2009-0783

MEDIUM

CVSS:4.2(Medium)

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read o...

CWE-2002009

CVE-2014-3591

MEDIUM

CVSS:4.2(Medium)

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determin...

CWE-2002014

CVE-2017-13238

MEDIUM

CVSS:4.2(Medium)

In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additio...

CWE-2002017

CVE-2018-3986

MEDIUM

CVSS:4.2(Medium)

An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0. The "Secret Chats" functionality allows a us...

CWE-2002018

CVE-2018-3987

MEDIUM

CVSS:4.2(Medium)

An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces ...

CWE-2002018

CVE-2018-8315

MEDIUM

CVSS:4.2(Medium)

An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects Cha...

CWE-2002018

CVE-2018-12076

Vulnerability Description

Related Vulnerabilities

CVE-2009-0783

CVE-2014-3591

CVE-2017-13238

CVE-2018-3986

CVE-2018-3987

CVE-2018-8315